Dailydave mailing list archives
Re: w00t 08
From: Dean Pierce <piercede () pdx edu>
Date: Sun, 03 Aug 2008 11:39:10 -0700
It's just too easy to game the system in academia. Professors are rated on the number of papers referencing them, and also how well their PhD students are doing. Most universities require students to have at least a few journal papers. The way I have seen it, it normally works like this: Professor Alice and professor Bob are tenured professors at their respective universities. Alice and Bob know each other because they are in the same field, so they attend the same conferences. Alice and Bob sit as reviewers for various journals. Alice has a PhD student, Carol, who needs to get a paper published. To get the paper published, Carol is told to put Alice as the first author, add as many references at the end as possible to Bob's papers, and submit it to Bob's journal. It is also assumed that Bob's students will be allowed to publish in Alice's journal. *** the result *** Bob gains references, which elevates his position at the university. Alice's PhD student gets published, which elevates her position. Carol gets her PhD. *** the problem *** If Bob does not recognize the first author, there is no way he is going to take the paper seriously. If the paper does not reference any of Bob's papers, Bob has no incentive to allow the paper to be published, and the paper is rejected with "author does not know the literature". I have seen scenarios where Alice is still the first author, but Carol doesn't put Bob as a reference. Bob then complains to Alice about this. Alice tells Carol to put Bob as a reference, they resubmit the exact same paper, and the paper is accepted. *** punchline *** The whole concept of "academic peer review" is a giant political circle jerk. When someone complains about lack of "peer review", they are most likely complaining about someone "not going through the proper channels". With all that said, I agree completely that computer science journals have become little more than software catalogs, full of nothing but blatant advertising. If anyone wants to hear me rant for hours on how I despise people like Dawson Engler, I'll be flying into Vegas Tuesday afternoon. Send me an email and I'll buy you a drink :-) Imagine of a physics journal did that. Imagine if they published papers along the line of "We just created a zero point energy system (trust us), and it was damn awesome! Contact us if you want to license it from us for a nominal fee". In my opinion, if they do not release the code that can reproduce the numbers they are showing off, then they are full of shit and should not be published. The thing I love the most about the security community is that the researchers are only as good as the last thing they broke. You can't get "tenure" in the security community. It doesn't matter if you were the shit 4 years ago, because that means nothing now. If you can't keep up with modern advances, you get left behind. - DEAN nnp wrote:
On Sun, Aug 3, 2008 at 3:30 AM, root <root_ () fibertel com ar> wrote:Dave Aitel wrote:These are not the papers you're looking for. http://www.usenix.org/event/woot08/tech/full_papers/ Seriously, there's nothing there to scare an network offense professional. I don't think it's w00t's fault, either. I think the research communities are diverging into public and private, as this research gets more expensive to do. USENIX may not be the place for academic treatment of offensive security research. A friend of mine wonders if there's any future for academic treatment of the subject at all. He wonder's wistfully of course, since he likes academia. Anyways, either be scary or be silly. There's no middle ground here. It's a fundamental truth in this field: You're either in, or you're out. -daveCommercial security conferences don't have great academic value because they are not peer reviewed (well, not reviewed by academic people) and there are other much important academic journals like ieee, etc. that in theory don't accept money in exchange for the publication of an article.I'd like to get everyone else's opinion/experiences with articles from so called 'peer reviewed' journals like IEEE and the rest. I've spent the past 8 weeks or so working on a project as a research monkey at my uni and spent the first few weeks pouring over journals etc. When it actually came time for implementation though I discovered a huge array of problems that had not been mentioned in the articles (and were presumably ignored as acceptable sources of error). When I contacted the authors requesting to see their software so I could determine if they had solutions to the problems I was either ignored or blown off with excuses like "we currently don't have the resources to make that available". In my opinion this brings all of their results into question when outsiders don't know exactly what sources of error they deemed acceptable. If some academics aren't bothering to release their software and their results are questionable then what purpose do they serve other than to fill pages in journals? So my question basically boils down to, how much reviewing actually goes on? i.e Do they run the software? Do they examine code or formulae? Or is it just a case of 'well it looks right'?Believe me, i had a hard time convincing my thesis advisor of the importance of being a speaker on Blackhat... Anyway, cryptography and cryptanalysis (offensive or not) is certainly dominated by academia, and I don't see that changing on the future. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- w00t 08 Dave Aitel (Aug 01)
- Re: w00t 08 Charles Miller (Aug 02)
- Re: w00t 08 Mike Patterson (Aug 02)
- Re: w00t 08 Jon Oberheide (Aug 02)
- Re: w00t 08 root (Aug 02)
- Re: w00t 08 nnp (Aug 03)
- Re: w00t 08 Katie M (Aug 03)
- Re: w00t 08 dan (Aug 04)
- Re: w00t 08 Dean Pierce (Aug 03)
- Re: w00t 08 dan (Aug 03)
- Re: w00t 08 nnp (Aug 03)
- Re: w00t 08 Adam Shostack (Aug 03)
- Re: w00t 08 Charles Miller (Aug 04)
- some ISECOM releases Pete Herzog (Aug 07)
- Re: w00t 08 Charles Miller (Aug 02)